In general, any antivirus software you have installed scans your computer and compares your files, programs, etc., against a database of known malware and viruses. Occasionally, something on your computer may be flagged as potentially unwanted, which means that even though it is not malicious, the antivirus software cannot positively identify it.
Echo360 makes every effort to ensure that Universal Capture (UC) is not flagged or blocked. However, depending on your local security policies and your security tooling (including newer AI/ML-based or “next‑gen” antivirus and EDR tools), you may need to explicitly trust Universal Capture or add it to an allowlist/exception list.
This article describes:
- When antivirus or endpoint protection might interfere with Universal Capture
- Special considerations for AI-driven / behavior-based security tools
- General recommendations for allowlisting UC
- Known issues and configuration notes for specific antivirus products
When Universal Capture May Be Affected
Antivirus, endpoint protection, and EDR (Endpoint Detection and Response) tools can affect Universal Capture in several ways:
- Blocking installation or upgrades
  - The installer is quarantined or silently blocked
  - The installer runs but fails with a generic error
- Blocking launches
  - Universal Capture does not start at all
  - UC closes immediately after launch with no error
  - Logs show access denied / quarantine / blocked process messages
- Interfering with recording or upload
  - Recordings fail to start or stop unexpectedly
  - Captured files cannot be saved or uploaded
  - Performance issues (lag, stutter) during capture
  - Uploads timing out or being reset
- Causing connection and Room status issues
  - UC: Classroom may lose connection with EchoVideo even though the workstation is powered on
  - The associated Rooms may appear offline in EchoVideo
  - Scheduled recordings may not start or may not be uploaded, resulting in missed or incomplete recordings
These issues can occur with traditional, signature-based antivirus, as well as AI / ML-based or behavior-based tools (often described as “next‑gen antivirus” or EDR).
If you see these behaviors and you are running antivirus or security agents, temporarily disabling them (if permitted by your institution’s policies) can help confirm whether they are the cause. If disabling the security tool resolves the issue, use the configuration guidance below to create a permanent allowlist exception for Universal Capture.
Special considerations for “Next‑Gen” tools
Many modern security products use machine learning and behavioral analysis in addition to (or instead of) traditional signature databases. Examples include, but are not limited to, products from vendors such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, Trend Micro, and similar solutions.
These tools may:
- Flag UC as a “Potentially Unwanted Application (PUA)”, “unknown application”, or “ML / heuristic” detection
- Block UC based on behavior (for example, accessing cameras, microphones, screens, or writing large media files) even if the executable is not known to be malicious
- Restrict UC’s ability to communicate over the network or to specific cloud endpoints
To work reliably with these tools, administrators generally need to:
- Allowlist the Universal Capture application and directories
  - Add UC executables and install/data directories to Application, File/Folder, or Path exclusions.
  - If the product supports publisher or certificate trust, configure a rule to trust binaries signed by Echo360 / EchoVideo.
- Create behavioral / policy exceptions
  - Add UC as a trusted or allowed application in policy rules that govern:
    - Screen recording or screen capture
    - Webcam and microphone access
    - Local media encoding and file writes
    - Network communication to EchoVideo endpoints
  - If the product supports “known good” / “IT-approved” apps, add UC to that list.
- Tune ML / heuristic rules for Universal Capture
  - If UC is repeatedly flagged with an ML/heuristic detection name, create a specific exception for that detection when it is triggered by UC’s signed binaries and paths.
  - Ensure that “auto-quarantine” or “auto-kill” actions are not applied to Universal Capture.
- Apply the changes via central management
  - In centrally managed deployments, ensure all policy changes are applied from the management console and pushed to:
    - Instructor and staff workstations running UC
    - Lecture capture workstations or classroom computers
Because configuration interfaces and rule names vary widely between vendors, Echo360 recommends that institutional IT and security teams manage these exceptions centrally and test UC thoroughly after changes.
Directories and files used by Universal Capture
To configure your antivirus or security software correctly, you may need to allowlist:
- The Universal Capture application executable(s)
- The installation and data directories used by Universal Capture
| Access needed for... | Default Location | When used |
|---|---|---|
| Program files | C:\Program Files\Echo360\UniversalCapture\ | during upgrades and patches |
| Content | C:\ProgramData\Echo360\UniversalCapture\data\task | temporary location during a capture |
| Content backup | C:\ProgramData\Echo360\UniversalCapture\data\saved-content | after upload |
| Configuration files | C:\ProgramData\Echo360\UniversalCapture\data\config | at any time |
| Upgrades | C:\Program Files\Echo360\UniversalCapture\upgrades | during upgrades and patches |
For a detailed list of directories, file locations, and technical specifications, see: Universal Capture Specifications
Use those paths when adding application, file, or directory exclusions in your security tools.
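For Microsoft Defender, the paths in the table can be compared with the path exclusions already present on a workstation. This is an added example, not Echo360 code: `Test-UcExclusionCoverage` is a hypothetical helper, the paths assume the default install locations, and the script only reads local state (centrally managed policy is still set from the management console).

```powershell
# Added example (not Echo360 code): compare Defender path exclusions with the UC table.
# Assumes default install locations and an elevated PowerShell session.
$required = @(
    'C:\Program Files\Echo360\UniversalCapture\',
    'C:\ProgramData\Echo360\UniversalCapture\data\task',
    'C:\ProgramData\Echo360\UniversalCapture\data\saved-content',
    'C:\ProgramData\Echo360\UniversalCapture\data\config',
    'C:\Program Files\Echo360\UniversalCapture\upgrades'
)

function Test-UcExclusionCoverage {
    param([string[]]$Required, [string[]]$Configured)
    # Literal comparison only: wildcard or %ENV% entries are reported as not covering
    $cfg = @($Configured | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') })
    foreach ($path in $Required) {
        $p = $path.TrimEnd('\')
        # Covered if the path itself or one of its parent folders is excluded
        $match = $cfg | Where-Object {
            $p -eq $_ -or $p.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1
        [pscustomobject]@{
            Path      = $path
            Covered   = [bool]$match
            CoveredBy = $match
            # An exclusion above the Echo360 folder is wider than the table calls for
            TooBroad  = [bool]$match -and ($match -notmatch '\\Echo360(\\|$)')
        }
    }
}

# Read the exclusions Defender currently reports on this machine
$configured = (Get-MpPreference).ExclusionPath
Test-UcExclusionCoverage -Required $required -Configured $configured | Format-Table -AutoSize
```

If exclusions are hidden from local users by policy, `Get-MpPreference` does not return the real list and every row shows as not covered; check the management console in that case.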
General recommendations
Because each product has different terminology and UI, the exact steps will vary. In general:
- Add Universal Capture as a trusted application
  - Add the UC executable(s) as “trusted”, “allowed”, or “approved” applications.
  - If available, configure the product to trust the Echo360/EchoVideo code-signing certificate.
- Exclude UC directories from real‑time and on‑access scanning
  - Exclude the UC installation and data directories (see Universal Capture Specifications).
  - For AI/behavioral tools, explicitly allow behaviors UC needs (screen capture, audio capture, large file writes) within those paths.
- Adjust ML/heuristic/PUA rules for UC
  - For any PUA or ML-based detections associated with Universal Capture, create an exception so these detections do not result in blocking or quarantine.
  - Confirm that the exception is scoped carefully (e.g., to the UC binary and its known paths) and approved by your security team.
- Update and propagate central policy
  - Apply the updated configuration to all relevant security policies and confirm it has been pushed to all endpoints that run Universal Capture.
If you are not an administrator on your device, share this article and the Universal Capture Specifications with your institution’s IT or security team so they can configure the environment correctly.
Known antivirus configurations
This section lists antivirus solutions that are known to have flagged Universal Capture, along with recommended configuration changes.
Sophos
In some environments, Sophos may flag Universal Capture as:
Generic ML PUA
Sophos classifies this as not necessarily malicious but potentially unwanted based on its machine-learning and heuristic analysis.
To prevent Sophos from blocking or quarantining Universal Capture:
- Create an exclusion for Universal Capture
  - In the Sophos Central console, add an Application or File/Folder exclusion for:
    - The Universal Capture executable(s)
    - The Universal Capture installation and data directories (see Universal Capture Specifications for paths)
- Exclude the PUA classification for Universal Capture
  - Ensure that Generic ML PUA detections related to Universal Capture are allowed or excluded.
  - Confirm that UC is not being quarantined or auto-removed.
- Confirm policy is applied
  - Verify the updated policy has been applied to all devices where UC is installed.
  - Reinstall or relaunch Universal Capture if it was previously quarantined.
For detailed, product-specific instructions, refer to Sophos’s official documentation on managing Application/PUA exclusions: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/tasks/ep_ScanningExclusions.html?hl=global,exclusions
Other antivirus and EDR products
If you use another antivirus or endpoint protection/EDR product and see Universal Capture being flagged, blocked, or terminated:
- Review the detection details
  - Capture the detection or rule name (for example, “heuristic”, “ML prediction”, “behavioral rule”, “unknown executable”, or “PUA”).
  - Confirm the flagged file is part of Universal Capture (using file path and digital signature where possible).
- Add allowlist / exclusions
  - Add UC’s executable(s) and directories to application/file/folder exclusions.
  - Where supported, configure rules to trust Echo360’s signed binaries and to allow UC’s required behaviors.
- Consult your vendor’s documentation
  - Look for configuration topics such as:
    - “trusted applications”
    - “application control exclusions”
    - “behavioral rule exceptions”
    - “ML/heuristic exclusions”
    - “PUA policy” or “reputation-based blocking”
- Engage Echo360 Support and your security team
  - If UC continues to be blocked or terminated after exclusions are added, contact Echo360 Support and include:
    - Your antivirus/EDR vendor and product name
    - Version number
    - The exact detection name or rule ID
    - Any relevant log entries or screenshots
  - Your institution’s security team may also be able to work directly with the vendor to classify UC correctly for your environment.
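The "confirm the flagged file is part of Universal Capture" step above can be scripted before any exclusion is created. This is an added example, not Echo360 code: `Test-UcFlaggedFile` is a hypothetical helper, the two roots are the default locations listed in this article, and the signer pattern is an assumed placeholder to replace with the certificate subject your team has verified on a known-good installer.

```powershell
# Added example (not Echo360 code). Roots are the default locations from this article.
$ucRoots = @(
    'C:\Program Files\Echo360\UniversalCapture',
    'C:\ProgramData\Echo360\UniversalCapture'
)
# ASSUMPTION: placeholder pattern. A subject substring is a weak check; compare
# SignerThumbprint with a known-good value before approving an exception.
$expectedSigner = 'Echo360'

function Test-UcFlaggedFile {
    param([Parameter(Mandatory)][string]$FlaggedPath)

    # Resolve ".." and relative segments so a crafted path cannot pass the prefix test
    $full = [System.IO.Path]::GetFullPath($FlaggedPath)
    $inRoot = [bool]($ucRoots | Where-Object {
        $full.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase) })

    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        # Quarantined files are moved away; restore or reinstall before checking
        return [pscustomobject]@{ File = $full; Exists = $false; InUcDirectory = $inRoot }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $full
    $cert = $sig.SignerCertificate
    $signerOk = ($sig.Status -eq 'Valid') -and $cert -and
                ($cert.Subject -like "*$expectedSigner*")

    [pscustomobject]@{
        File             = $full
        Exists           = $true
        InUcDirectory    = $inRoot
        SignatureStatus  = $sig.Status
        SignerSubject    = if ($cert) { $cert.Subject } else { $null }
        SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Sha256           = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        # True only when location and signature both agree with Universal Capture
        ConsistentWithUc = $inRoot -and $signerOk
    }
}

# Usage: pass the exact path reported in the detection
# Test-UcFlaggedFile -FlaggedPath 'path reported in the detection'
```

A result with `ConsistentWithUc` false (unsigned, wrong signer, or outside the UC directories) is a reason to hold the exclusion and escalate to the security team instead.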
Getting Additional Help
If you continue to experience issues with Universal Capture that you suspect are related to antivirus, endpoint protection, or EDR software, please contact Echo360 Support.
To help us diagnose the issue quickly, include:
- Your operating system and version
- Universal Capture version
- Antivirus/EDR product name and version
- Whether the product is AI/ML-based or “next‑gen antivirus/EDR” and, if known, whether the detection is signature-based or heuristic/behavioral
- Exact error messages, detection names, or rule IDs
- Relevant logs or screenshots that show the product blocking or terminating Universal Capture